# Nginx reverse proxy configuration for HF Viz # Provides caching, compression, and load balancing upstream hfviz_backend { server localhost:8000; # Add more backend servers for load balancing # server localhost:8001; # server localhost:8002; keepalive 32; } # Cache configuration proxy_cache_path /var/cache/nginx/hfviz levels=1:2 keys_zone=hfviz_cache:100m max_size=10g inactive=60m use_temp_path=off; server { listen 80; listen [::]:80; server_name api.hfviz.example.com; # Change to your domain # Gzip compression gzip on; gzip_vary on; gzip_min_length 1000; gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/msgpack; # Security headers add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always; # CORS headers (if needed) add_header Access-Control-Allow-Origin "*" always; add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always; add_header Access-Control-Allow-Headers "Origin, Content-Type, Accept, Authorization" always; add_header Access-Control-Expose-Headers "Cache-Control, Content-Type" always; # Handle preflight requests if ($request_method = OPTIONS) { return 204; } # Proxy settings proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Cache static API responses (GET only) location /api/models { proxy_pass http://hfviz_backend; # Enable caching for this endpoint proxy_cache hfviz_cache; proxy_cache_key "$request_method$request_uri"; proxy_cache_valid 200 5m; proxy_cache_valid 404 1m; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; proxy_cache_background_update on; proxy_cache_lock on; # Show cache status in response header add_header X-Cache-Status $upstream_cache_status; # Bypass cache for authenticated requests proxy_cache_bypass $http_authorization; proxy_no_cache $http_authorization; } location /api/stats { proxy_pass http://hfviz_backend; proxy_cache hfviz_cache; proxy_cache_valid 200 10m; add_header X-Cache-Status $upstream_cache_status; } # No caching for search/dynamic endpoints location /api/search { proxy_pass http://hfviz_backend; proxy_cache off; } location /api/model/ { proxy_pass http://hfviz_backend; # Light caching for model details proxy_cache hfviz_cache; proxy_cache_valid 200 10m; add_header X-Cache-Status $upstream_cache_status; } # No caching for write operations location ~ ^/api/.*/record$ { proxy_pass http://hfviz_backend; proxy_cache off; } # Default proxy for all other API endpoints location /api/ { proxy_pass http://hfviz_backend; # Timeouts for slow operations proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; } # Health check endpoint location /health { proxy_pass http://hfviz_backend/; access_log off; } # API docs location /docs { proxy_pass http://hfviz_backend/docs; } # Cache purge endpoint (restrict to localhost) location /purge { allow 127.0.0.1; deny all; proxy_cache_purge hfviz_cache "$request_method$request_uri"; } } # SSL configuration (if using HTTPS) # server { # listen 443 ssl http2; # listen [::]:443 ssl http2; # server_name api.hfviz.example.com; # # ssl_certificate /path/to/cert.pem; # ssl_certificate_key /path/to/key.pem; # ssl_protocols TLSv1.2 TLSv1.3; # ssl_ciphers HIGH:!aNULL:!MD5; # # # ... (same location blocks as above) # }